CVE-2022-25842

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

CVSS v3 6.9 MEDIUM
CVSS v2.0 7.5 HIGH

6.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java	Exploit Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29	Patch Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf	Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874	Third Party Advisory
https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java	Exploit Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29	Patch Third Party Advisory
https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf	Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-05-01 16:15

Updated : 2024-11-21 06:53

NVD link : CVE-2022-25842

Mitre link : CVE-2022-25842

CVE.ORG link : CVE-2022-25842

JSON object : View

Products Affected

alibabagroup

one-java-agent

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-25842", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-05-01T16:15:08.710", "references": [{"url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://github.com/alibaba/one-java-agent/pull/29", "tags": ["Patch", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/alibaba/one-java-agent/pull/29", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine."}, {"lang": "es", "value": "Todas las versiones del paquete com.alibaba.oneagent:one-java-agent-plugin son vulnerables a una Escritura Arbitraria de Archivos por medio de la Extracci\u00f3n de Archivos (Zip Slip) usando un archivo especialmente dise\u00f1ado que contenga nombres de archivos para saltar directorios (por ejemplo ../../evil.exe). El atacante puede sobrescribir los archivos ejecutables e invocarlos remotamente o esperar a que el sistema o el usuario los llame, logrando as\u00ed la ejecuci\u00f3n de comandos remota en la m\u00e1quina de la v\u00edctima"}], "lastModified": "2024-11-21T06:53:06.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alibabagroup:one-java-agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0517CE-B63F-4968-B9B0-5EEC9784C072"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}